Second follow-up VC on the non-EU/EEA Data protection Code of Conduct

Date14th Feb 2014 at 16.05-17.10 CET
ParticipantsPatrick van Eecke, DLA Piper
 Valter Nordh, eduGAIN
 Mikael Linden, eduGAIN, notes


Community comments

Went through the comments 1.1-2.3 from the community that the DLA Piper memo by DLA Piper 29 Jul 2013 had risen. 

1.1. Why Standard Contractual Clauses?

More clarification why standard contractual clauses (SCC) approach (and not consent)

1.2. Data importer's ability to satisfy its legal obligations

SCC Annex 2, I(b) "It [i.e, the "data exporter"/Home Organisation] has used reasonable efforts to determine that the data importer is able to satisfy its legal obligations under these clauses."

1.3. Liability and interference with other agreements

How does this interact with potentially existing Federation Agreements already covering the parties, specifically ruling out liability where possible (and limiting it to some rather low sum in all other cases, such as SWAMID's federation policy)?

agreement between the Home Organisation and Service Provider which in all cases takes precedence over this Charter."

Does SCC leave room for HOs and SPs agreeing something else bilaterally?

1.5 Australia and adequate protection

The sentence on page 2 "The European Commission has so far recognised the following countries as providing adequate protection: Andorra, Argentina, Australia,..." caused confusion in the Australian colleagues.

2.3. Home Organisation's signaling their commitment to the CoC

Is it a strong enough signal of commitment to the CoC that a HO just decides to release attributes to an SP that has committed to the CoC?

Next steps


Submitting the CoCs to WP29